Merge pull request #8580 from geoffw0/privdata

C++: Port PrivateData.qll from C# and use it in cpp/cleartext-transmission

cpp/ql/lib/semmle/code/cpp/security/PrivateData.qll

@@ -0,0 +1,67 @@
+/**
+ * Provides classes for heuristically identifying variables and functions that
+ * might contain or return sensitive private data.
+ *
+ * 'Private' data in general is anything that would compromise user privacy if
+ * exposed. This library tries to guess where private data may either be stored
+ * in a variable or returned by a function call.
+ *
+ * This library is not concerned with credentials. See `SensitiveExprs.qll` for
+ * expressions related to credentials.
+ */
+
+import cpp
+
+/**
+ * A string for `regexpMatch` that identifies strings that look like they
+ * represent private data.
+ */
+private string privateNames() {
+  result =
+    ".*(" +
+      // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
+      // Government identifiers, such as Social Security Numbers
+      "social.?security|" +
+      // Contact information, such as home addresses and telephone numbers
+      "post.?code|zip.?code|telephone|" +
+      // Geographic location - where the user is (or was)
+      "latitude|longitude|" +
+      // Financial data - such as credit card numbers, salary, bank accounts, and debts
+      "credit.?card|salary|bank.?account|" +
+      // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
+      "email|mobile|employer|" +
+      // Health - medical conditions, insurance status, prescription records
+      "medical" +
+      // ---
+      ").*"
+}
+
+/**
+ * A variable that might contain sensitive private information.
+ */
+class PrivateDataVariable extends Variable {
+  PrivateDataVariable() {
+    this.getName().toLowerCase().regexpMatch(privateNames()) and
+    not this.getUnspecifiedType() instanceof IntegralType
+  }
+}
+
+/**
+ * A function that might return sensitive private information.
+ */
+class PrivateDataFunction extends Function {
+  PrivateDataFunction() {
+    this.getName().toLowerCase().regexpMatch(privateNames()) and
+    not this.getUnspecifiedType() instanceof IntegralType
+  }
+}
+
+/**
+ * An expression whose value might be sensitive private information.
+ */
+class PrivateDataExpr extends Expr {
+  PrivateDataExpr() {
+    this.(VariableAccess).getTarget() instanceof PrivateDataVariable or
+    this.(FunctionCall).getTarget() instanceof PrivateDataFunction
+  }
+}

cpp/ql/lib/semmle/code/cpp/security/SensitiveExprs.qll

@@ -1,13 +1,16 @@
 /**
  * Provides classes for heuristically identifying variables and functions that
- * might contain or return a password or other sensitive information.
+ * might contain or return a password or other credential.
+ *
+ * This library is not concerned with other kinds of sensitive private
+ * information. See `PrivateData.qll` for expressions related to that.
  */
 
 import cpp
 
 /**
  * Holds if the name `s` suggests something might contain or return a password
- * or other sensitive information.
+ * or other credential.
  */
 bindingset[s]
 private predicate suspicious(string s) {
@@ -16,7 +19,7 @@ private predicate suspicious(string s) {
 }
 
 /**
- * A variable that might contain a password or other sensitive information.
+ * A variable that might contain a password or other credential.
  */
 class SensitiveVariable extends Variable {
   SensitiveVariable() {
@@ -26,7 +29,7 @@ class SensitiveVariable extends Variable {
 }
 
 /**
- * A function that might return a password or other sensitive information.
+ * A function that might return a password or other credential.
  */
 class SensitiveFunction extends Function {
   SensitiveFunction() {
@@ -36,7 +39,7 @@ class SensitiveFunction extends Function {
 }
 
 /**
- * An expression whose value might be a password or other sensitive information.
+ * An expression whose value might be a password or other credential.
  */
 class SensitiveExpr extends Expr {
   SensitiveExpr() {